2022 in review: NIST, Press, Signal, Predictions

From long-awaited new standards to fresh investment and renewed interest in cybersecurity, 2022 has truly been a year of transformation – both for PQShield and cryptography as a whole.

January saw us secure $20 million of funding towards research, product development, and recruiting – all in the name of keeping data secure against the cyber threats of today AND tomorrow. This investment has enabled us to maintain our position as the industry-leading authority on post-quantum cryptography (PQC), while continuing to help both private and public organizations future-proof their information. It’s also allowed us to become involved in all key algorithms, contribute to advanced protocols such as Signal, pioneer SCA for PQC, as well as ensure our software is validated for FIPS 140-3 certification.

In May, the National Institute of Standards and Technology (NIST) announced the first four quantum-resistant algorithms that will form part of the PQC standard – all of which featured contributions from PQShield. CRYSTALS-KYBER (co-authored by our advisory board member Professor Peter Schwabe) was chosen as the new standard for public-key encryption/KEMs, while Falcon (led and co-authored by our own Dr Thomas Prest), CRYSTALS-Dilithium and SPHINCS+ (again, co-authored by Professor Peter Schwabe) are set to be standardized for digital signatures.

Summer 2022 brought with it the return of in-person events. While we fully embrace the opportunities provided by virtual conferences, our team truly thrives in environments where they are able to interact with new technology first-hand, as well as meet with prospective customers, partners and suppliers. 2022 saw us attend over 40 events across 10 countries – and we’re looking forward to many more in the year ahead.

September saw us refresh our acclaimed white paper summaries in light of the new standards, adding yet more expert insight and practical information. This series of essential PQC reading was soon complemented by a new paper on the Signal Protocol, entitled Secure Messaging in a Post-Quantum World. So successful was this publication that we hosted a webinar on the topic in November, further expanding on our insights in this field.

This period was also notable for reward and recognition, as Team PQshield members as well as the company as a whole received accolades in light of recent work. In September, Lead Cryptography Hardware Engineer Ben Marshall’s work on MIRACLE was named best paper at CHES, while in November, Cryptography Research Consultant Shuichi Katsumata was named in MIT Technology Review’s Innovators Under 35 Japan list, and we were thrilled to be honored at Fast Company‘s Next Big Things in Tech 2022 awards.

It’s certainly been an eventful year, but we’re nothing if not forward-thinking, and we understand more than most that it always pays to be ahead of the curve. So, what’s next in the world of PQC, you ask? Our experts share their predictions for the 12 months ahead…

Graeme Hickey, Senior Director of Engineering

“In 2023 I believe we will start to see major Silicon IP providers and OEMs announce products containing PQC. As the NIST standardization process gathers pace, more end users will start to engage in how PQC will affect them and what they should be doing to prepare. I also think we will start to see the rise of interest in support for other PQC standardization proposals such as from China and Korea.”

Kris Kwiatkowski, Staff Cryptography Architect

“PQC algorithms selected by NIST will be changed. Probably not a lot, but enough to make them incompatible with current implementations. Hardware is expensive to produce and, as a consequence, pure HW implementations won’t be available until NIST finalizes the PQC standards. As it’s very easy to change software implementations, those will be the ones which we will see deployed first on production environments.”

“PQC became a buzzword in the industry this year. It’s great that the market is growing, but for customers it may be challenging to separate companies with real expertise in the field from those who simply have good sales patter and marketing.”

“Ultimately, customers will choose the provider that can make migration to PQC less painful. Having good PQC products is obviously a must, but having data from meaningful experiments is key to successful migration. Typical questions from customers will be; “What’s the impact of PQC on performance? What’s the impact on latency for my customers? How can I migrate in a backward-compatible manner without affecting third parties? Where should we use hybrid-schemes as opposed to pure PQ schemes, so that there is no regression in security and minimal regression in performance? What are the standards for hybrid schemes?”

Ben Packman, SVP Strategy

“It’s become increasingly clear that quantum security simply can not be implemented in isolation. Pockets of defense will be of little benefit overall if there is a breakdown in the integrity of cryptography down the line. That’s why we have developed and delivered core crypto modules and protocols in both software and hardware for licensing across the entire secure products supply chain.

“Moving forward, it’s also essential that we reinforce the idea of agility. The quantum threat is ever-evolving; impacting every industry, technology and use case in a different way. This once-in-a-generation shift is broad, complex and continuous, so it’s crucial that all future cryptography is deployed in a way that allows for inevitable change.”